VMware THIN4-CL-C Deployment Guide - Page 25

Controlling Access

Get VMware THIN4-CL-C - ThinApp Client - PC PDF manuals and user guides View all VMware THIN4-CL-C manuals
Add to My Manuals
Save this manual to your list of manuals

Page 25 highlights

When applications are deployed and installed as MSI's the desktop integration occurs automatically as ThinReg is run during the install. Exe-based Packages via ThinReg Packages that are created in the .EXE format will benefit from registration via the Thinreg.exe tool to provide seamless integration into the desktop. Applications will launch and run without registration, however, file type associations are often necessary for users who start with a data file and launch the application by association. The Thinreg.exe tool is a simple utility that can be run from a login script, from a local directory, or a file share. It provides the ability for administrators to register all of the packages at once using an asterisk (*) as a wildcard character. Administrators can use pre-made scripts that run based on group membership to only register packages that are valid for a certain group or for individuals. Also, ThinReg is aware of the Active Directory 'permitted groups' listing provided during the Setup Capture process. So if the user is not a member of the permitted groups ThinReg will not register the package. If you choose to deploy packages in .EXE format but wish to use an alternate method of creating shortcuts, you can use standard Microsoft Folder Redirection to place shortcuts on the desktop and in the Start menu. http://support.microsoft.com/kb/232692. Controlling Access The process of deploying virtualized applications offers administrators control and flexibility over which machines and users receive either the application packages or access to the packages. Utilizing Active Directory or an alternative software deployment solution for distribution allows an organization to use the existing processes and controls. In addition to these organizational controls, VMware ThinApp allows an administrator to embed access control into the package. This access control mechanism is obfuscated from the end user when the package is built so it is impossible to identify or remove before the application is launched. In this way, the access control travels with the package if it is moved between devices after deployment. This mechanism can also be used when packages are hosted centrally on a file share as a secondary control in addition to file share permissions. There are three mechanisms described in the following sections, which are available to use for access control functions. Active Directory Permitted Groups You can control access to applications using Active Directory groups. When the administrator specifies PermittedGroups in the setup capture process or manually places the SIDS in the package.ini file they are embedded into the package during the build process. The PermittedGroups entry in the Package.ini restricts usage of a package to a specific set of Active Directory users and provides the administrator a way to customize the error message to the user if they are not allowed to launch the application. For a desktop that is offline, the PermittedGroups function will utilize cached credentials to determine if the user has permission to launch the application. Custom Scripting Options VMware ThinApp allows for the execution of custom scripts before starting an application packaged with ThinApp, during the application's use, or after an application exits. Callback functions allow you to specify when blocks of code execute. Using the OnFirstParentStart function allows an administrator to check for a condition when the application is launched. To add scripts to your application, you can create an ANSI text file with the .vbs file extension in the root project directory for an application (the same directory in which Package.ini is located). During the build process, ThinApp adds all of the script files to the application package and then at runtime it 25

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
When applications are deployed and installed as MSI’s the desktop integration occurs
automatically as ThinReg is run during the install.
Exe-based Packages via ThinReg
Packages that are created in the .EXE format will benefit from registration via the Thinreg.exe tool
to provide seamless integration into the desktop. Applications will launch and run without
registration, however, file type associations are often necessary for users who start with a data file
and launch the application by association.
The Thinreg.exe tool is a simple utility that can be run from a login script, from a local directory, or
a file share. It provides the ability for administrators to register all of the packages at once using an
asterisk (*) as a wildcard character. Administrators can use pre-made scripts that run based on
group membership to only register packages that are valid for a certain group or for individuals.
Also, ThinReg is aware of the Active Directory ‘permitted groups’ listing provided during the Setup
Capture process. So if the user is not a member of the permitted groups ThinReg will not register
the
package
. If you choose to deploy packages in .EXE format but wish to use an alternate method
of creating shortcuts, you can use standard Microsoft Folder Redirection to place shortcuts on the
desktop and in the Start menu.
.
Controlling Access
The process of deploying virtualized applications offers administrators control and flexibility over
which machines and users receive either the application packages or access to the packages.
Utilizing Active Directory or an alternative software deployment solution for distribution allows an
organization to use the existing processes and controls. In addition to these organizational
controls, VMware ThinApp allows an administrator to embed access control into the
package
.
This
access control mechanism is obfuscated from the end user when the
package
is built so it is
impossible to identify or remove before the application is launched. In this way, the access control
travels with the
package
if it is moved between devices after deployment. This mechanism can
also be used when packages are hosted centrally on a file share as a secondary control in addition
to file share permissions. There are three mechanisms described in the following sections, which
are available to use for access control functions.
Active Directory Permitted Groups
You can control access to applications using Active Directory groups. When the administrator
specifies PermittedGroups in the setup capture process or manually places the SIDS in the
package.ini file they are embedded into the
package
during the build process. The
PermittedGroups entry in the Package.ini restricts usage of a
package
to a specific set of Active
Directory users and provides the administrator a way to customize the error message to the user if
they are not allowed to launch the application.
For a desktop that is offline, the PermittedGroups
function will utilize cached credentials to determine if the user has permission to launch the
application.
Custom Scripting Options
VMware ThinApp allows for the execution of custom scripts before starting an application
packaged with ThinApp, during the application’s use, or after an application exits. Callback
functions allow you to specify when blocks of code execute. Using the OnFirstParentStart function
allows an administrator to check for a condition when the application is launched. To add scripts
to your application, you can create an ANSI text file with the .vbs file extension in the root project
directory for an application (the same directory in which Package.ini is located). During the build
process, ThinApp adds all of the script files to the application package and then at runtime it
25